GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-14 06:48:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

radius (challenge-response): add MAX_CHALLENGES macro as a limit of password requests

Browse Source 
max-challenge configuration option removed as redundant; replaced by static constraint
via MAX_CHALLENGES macro

radius (challenge-response): remove  max-challenge configuration parameter

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
This commit is contained in:
Alexey Dotsenko
2019-05-29 16:01:58 +03:00
parent 0153172c03
commit 97592426ce
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/auth/radius.c
View File

@@ -59,6 +59,8 @@
# define CHALLENGE_RC 3 # define CHALLENGE_RC 3
#endif #endif
#define MAX_CHALLENGES 16
static void radius_vhost_init(void **_vctx, void *pool, void *additional) static void radius_vhost_init(void **_vctx, void *pool, void *additional)
{ {
radius_cfg_st *config = additional; radius_cfg_st *config = additional;
@@ -452,10 +454,10 @@ static int radius_auth_pass(void *ctx, const char *pass, unsigned pass_len)
vp = vp->next; vp = vp->next;
} }
/* PW_STATE or PW_REPLY_MESSAGE is empty*/ /* PW_STATE or PW_REPLY_MESSAGE is empty or MAX_CHALLENGES limit exceeded*/
if ((pctx->pass_msg[0] == 0) || (pctx->state == NULL)) { if ((pctx->pass_msg[0] == 0) || (pctx->state == NULL) || (pctx->passwd_counter >= MAX_CHALLENGES)) {
strlcpy(pctx->pass_msg, pass_msg_failed, sizeof(pctx->pass_msg)); strlcpy(pctx->pass_msg, pass_msg_failed, sizeof(pctx->pass_msg));
syslog(LOG_ERR, "radius-auth: Access-Challenge with invalid State or Reply-Message"); syslog(LOG_ERR, "radius-auth: Access-Challenge with invalid State or Reply-Message, or max number of password requests exceeded");
ret = ERR_AUTH_FAIL; ret = ERR_AUTH_FAIL;
} }
goto cleanup; goto cleanup;